Hi!
I want to make an ACL with MAC, but I got some
troubles:
If I use:
iptables -I FORWARD -s 192.168.1.1 -m mac --mac-source 00:AA:BB:CC:DD:EE -j LOG
it logs all the 192.168.1.1 packets, but if I change
to:
iptables -I FORWARD -s 192.168.1.1 -m mac --mac-source 00:AA:BB:CC:DD:EE -j ACCEPT
Just change from LOG to ACCEPT, and no packet is
forwarded. (policy is DROP).

Try "tcpdump -n -i eth0" in one terminal and "tcpdump -n -i eth1" in
another, and look whether a packet coming in on the internal interface is
forwarded to the external interface. If that occurs, then look whether the
packet comes back. Like you said, your policy is DROP, so you must permit
all packets that come back, unless you are using the stateful
feature of iptables.
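
The stateful approach mentioned in the reply, as an added example that is not part of the original thread: a small generator that prints a FORWARD rule set with policy DROP, one connection-tracking rule for return traffic, and one IP+MAC rule per listed host. The function names and the second ACL entry are assumptions made for illustration, and `-m conntrack --ctstate` is used here as the stateful match.

```sh
#!/bin/sh
# Added example: print iptables commands for an IP+MAC forwarding ACL.
# Function names are hypothetical; nothing is applied, commands are only printed.

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

valid_ip() {
    printf '%s\n' "$1" | grep -Eq "^($OCTET\.){3}$OCTET\$"
}

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads "IP MAC" lines on stdin and prints the rule set on stdout.
# Returns 1 if any entry was malformed (that entry gets no rule).
forward_acl() {
    rc=0
    echo "iptables -P FORWARD DROP"
    # Return traffic has the remote host's source IP and a different source
    # MAC, so the per-host rules below never match it. Connection tracking
    # accepts it instead of a blanket "allow everything inbound" rule.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r ip mac; do
        case $ip in ''|'#'*) continue ;; esac
        if valid_ip "$ip" && valid_mac "$mac"; then
            echo "iptables -A FORWARD -s $ip -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipping malformed entry: $ip $mac" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample ACL: the first pair is the one from the question,
# the second is made up for illustration.
SAMPLE_ACL='192.168.1.1 00:AA:BB:CC:DD:EE
192.168.1.2 00:AA:BB:CC:DD:FF'

printf '%s\n' "$SAMPLE_ACL" | forward_acl
```

Review the printed commands before running them as root; a malformed entry is reported on stderr and skipped rather than turned into a rule.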